package com.junxi.microservices.bookstore.gateway.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;


@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
                .authorizeExchange(exchanges -> exchanges
                        .pathMatchers("/actuator/**").permitAll()
                        .pathMatchers("/auth/**").permitAll()  // 认证服务不需要认证
                        .anyExchange().authenticated()
                )
                .oauth2Login(oauth2 -> {
                    // WebFlux环境下不需要显式设置loginPage
                    // 默认会使用/oauth2/authorization/{registrationId}
                })
                .oauth2Client(client -> {
                    // 客户端配置
                })
                .oauth2ResourceServer(resourceServer -> resourceServer
                        .jwt(jwt -> {
                            // JWT配置
                        })
                );

        return http.build();
    }
}